#1
Internet Explorer Help
Okay, I need help. The problem is that when I try to go to Yahoo, Google, or MSN search, I get an error that the page cannot be displayed, but the site works for everyone else. I am on a wireless Linksys network and the other rooms can go to Yahoo search. Please help me with this problem. Btw: when I turn on proxies I can go to those sites, why?
#2
Hi Cyboi, Welcome to CTH.
It sounds like you are infected with Trojan.Qhosts. Download 'Hijack This!'. Unzip, double-click HijackThis.exe, and hit "Scan". When the scan is finished, click "Save Log", and copy and paste it in a reply. http://www.spywareinfo.com/~merijn/f...hijackthis.zip
#3
I ran the scan and I got this message:
"You have a particularly large amount of hijacked domains. It is prolly better to delete the file itself than to fix each item (and create a backup)." What does that mean? Thanks btw for helping me!! I am new here and it's really bugging me that searches don't work cuz this is a pretty new comp and I don't wanna reboot.
#4
That means delete the C:\Windows\Help\Hosts file..
Post the HijackThis log first..
#5
Logfile of HijackThis v1.97.3
#6
Run HT again and check the following items. Next, close all browser Windows, and have HT 'fix checked'.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50017/btiein.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\windows: NameServer = 69.57.146.14,69.57.147.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{4472B35D-48DD-492C-BD1D-7DCB15AFF99F}: NameServer = 69.57.146.14,69.57.147.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AB27BB8-2BFA-4629-B1AA-5E73E40F889A}: NameServer = 69.57.146.14,69.57.147.175
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
O17 - HKLM\System\CS1\Services\Tcpip\..\windows: NameServer = 69.57.146.14,69.57.147.175
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175

Then delete the following:
C:\Bdtmp folder
C:\WINDOWS\help\hosts
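A triage check for the two things fixed in this thread, a relocated hosts file that redirects search domains and the NameServer entries, as an added example (not code from the thread or from HijackThis). The log lines are constructed in HijackThis's O1/O17 line format with documentation-range IPs; `triage`, `fanout`, the finding labels and the `C:\WINDOWS` system root are assumptions.

```python
import re
from collections import defaultdict

# Default hosts path on Windows XP, assuming the system root is C:\WINDOWS.
# Any other path on a "Hosts file is located at" line is flagged.
DEFAULT_HOSTS = r"c:\windows\system32\drivers\etc\hosts"
LOCAL = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample lines (not copied from the posted log).
SAMPLE_LOG = r"""
O1 - Hosts file is located at: C:\WINDOWS\help\hosts
O1 - Hosts: 203.0.113.7 www.google.com
O1 - Hosts: 203.0.113.7 search.yahoo.com
O1 - Hosts: 203.0.113.7 search.msn.com
O1 - Hosts: 127.0.0.1 localhost
O17 - HKLM\System\CCS\Services\Tcpip\..\windows: NameServer = 198.51.100.53,198.51.100.54
"""

def triage(log_text, fanout=3):
    """Return (label, detail) findings for a HijackThis log."""
    findings = []
    by_ip = defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        m = re.match(r"O1 - Hosts file is located at:\s*(.+)", line)
        if m:
            path = m.group(1).strip()
            if path.lower() != DEFAULT_HOSTS:
                findings.append(("hosts-relocated", path))
            continue
        m = re.match(r"O1 - Hosts:\s*(\S+)\s+(\S+)", line)
        if m:
            # Loopback/null entries are ordinary blocklist lines, not redirects.
            if m.group(1) not in LOCAL:
                by_ip[m.group(1)].add(m.group(2).lower())
            continue
        m = re.match(r"O17 - .+?: NameServer = (.+)", line)
        if m:
            # A static resolver can be legitimate; report it for review.
            findings.append(("dns-override", m.group(1).strip()))
    # Many unrelated names pinned to one remote address is the redirect pattern.
    for ip, names in by_ip.items():
        if len(names) >= fanout:
            findings.append(("hosts-redirect", f"{ip} <- {len(names)} names"))
    return findings

if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(f"{label}: {detail}")
```
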
#7
I did all but delete the bdtmp folder, I can't seem to find it
#8
It will be hidden, make sure you can view hidden files and folders:
Open any folder and click Tools > Folder Options > View tab.
Click the 'Show hidden files and folders' radio button and click OK.
#9
WHOA THANKS NOW IT WORKS!!! Okay, now my sis got a comp problem -_-.
Here goes, she can't like open up pages with popups in them. Like she can't enter a page that is like a popup page. She can get to the main screen, but when she enters, the popup doesn't load for her! Please help plweeze
#10
Does she have a popup blocker installed?
Edit: looks like you've started a new thread for the second issue, so I'll close this one to avoid confusion.
__________________
Don't forget to post back with the results